Syslog protocol (rfc5424 and rfc5425) utilities
Project description
loggerglue is intended to be a general-purpose glue layer for the syslog protocol as described in rfc5424 and rfc5425.
This package includes:
- a pyparsing parser for rfc5424
- a wrapper class for rfc5424 syslog entries
- an emitter for syslog messages, and associated convenience classes
- a SyslogServer class supporting TLS (rfc5425)
A client example
Log a simple message with structured data to the local syslog daemon:

    from loggerglue import logger
    from loggerglue.rfc5424 import SDElement
    from loggerglue.constants import *

    l = logger.Logger()
    # PRI combines the severity (LOG_INFO) and the facility (LOG_USER)
    l.log(prival=LOG_INFO|LOG_USER,
          msg="Test message",
          structured_data=[
              SDElement("origin",
                        [("software", "test script"), ("swVersion", "0.0.1")])
          ])

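How an entry like the one above looks on the wire and how a receiver can split it, as an added Python 3 example using only the standard library; it is not loggerglue's pyparsing grammar. The sample line, its hostname and SD-ID `ex@32473`, and the function name `parse_rfc5424` are constructed for illustration, and the timestamp is not validated.

```python
import re

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID (timestamp not validated here)
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
# [SD-ID *(SP NAME="VALUE")]; inside VALUE the characters '"', '\' and ']' must be escaped
SD_ELEMENT = re.compile(r'\[([^ ="\]]+)((?: [^ ="\]]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' ([^ ="\]]+)="((?:\\.|[^"\\\]])*)"')
UNESCAPE = re.compile(r'\\(["\\\]])')

# Constructed sample: PRI 14 = LOG_USER (1) * 8 + LOG_INFO (6); second element repeats a key
SAMPLE = (r'<14>1 2011-03-25T12:00:00Z host.example.org test 1234 - '
          r'[origin software="test script" swVersion="0.0.1"]'
          r'[ex@32473 tag="a" tag="b \"q\" \]"] Test message')


def parse_rfc5424(line):
    """Parse one RFC 5424 entry into a dict; raise ValueError if malformed."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("bad RFC 5424 header")
    prival = int(m.group(1))
    if prival > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    fields = ["timestamp", "hostname", "app_name", "procid", "msgid"]
    entry = {k: (None if v == "-" else v) for k, v in zip(fields, m.groups()[2:])}
    entry.update(facility=prival >> 3, severity=prival & 7, version=int(m.group(2)))
    pos, sd = m.end(), []
    if line.startswith("-", pos):  # NILVALUE: no structured data
        pos += 1
    else:
        el = SD_ELEMENT.match(line, pos)
        if not el:
            raise ValueError("bad STRUCTURED-DATA")
        while el:
            # Keep params as a list of pairs so a repeated name is not lost
            params = [(k, UNESCAPE.sub(r"\1", v)) for k, v in SD_PARAM.findall(el.group(2))]
            sd.append((el.group(1), params))
            pos = el.end()
            el = SD_ELEMENT.match(line, pos)
    rest = line[pos:]
    if rest and not rest.startswith(" "):
        raise ValueError("garbage after STRUCTURED-DATA")
    entry.update(structured_data=sd, msg=rest[1:])
    return entry


if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

Rejecting an unescaped `]` or `"` inside a parameter value matters when the logged values come from untrusted input, because otherwise a value could close its element early and forge further structured data or message text.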
A trivial server example
A simple TLS enabled server can be built as follows:

    from loggerglue.server import SyslogServer, SyslogHandler

    class SimpleHandler(SyslogHandler):
        def handle_entry(self, entry):
            # entry is the parsed syslog entry
            print('On %s from %s: %s' %
                  (entry.timestamp, entry.hostname, entry.msg))

    # Listen for syslog over TLS on the loopback interface, port 6514
    s = SyslogServer(('127.0.0.1', 6514), SimpleHandler,
                     keyfile='loggerglue-key.pem',
                     certfile='loggerglue-cert.pem')
    s.serve_forever()

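Here's an example rsyslog configuration that forwards all messages to this server over TLS. With $ActionSendStreamDriverAuthMode anon the connection is encrypted, but rsyslog does not authenticate the server's certificate:

    $IncludeConfig /etc/rsyslog.d/*.conf
    $DefaultNetstreamDriverCAFile /path/to/loggerglue-ca-cert.pem
    $DefaultNetstreamDriver gtls
    $ActionSendStreamDriverMode 1
    $ActionSendStreamDriverAuthMode anon
    *.* @@(o)localhost:6514;RSYSLOG_SyslogProtocol23Format
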
A more advanced server example
In this example we index the log data as it arrives using Whoosh.

    from loggerglue.server import SyslogServer, SyslogHandler
    from whoosh import index
    from whoosh.fields import *
    import os.path

    # One stored field per RFC 5424 header field, plus the message text
    schema = Schema(prio=ID(stored=True),
                    timestamp=DATETIME(stored=True),
                    hostname=ID(stored=True),
                    app_name=ID(stored=True),
                    procid=ID(stored=True),
                    msgid=ID(stored=True),
                    msg=TEXT(stored=True)
                    )

    # Reuse the index directory if it exists, otherwise create it
    if os.path.exists('indexdir'):
        ix = index.open_dir('indexdir')
    else:
        os.mkdir('indexdir')
        ix = index.create_in('indexdir', schema)

    class SimpleHandler(SyslogHandler):
        def handle_entry(self, entry):
            # Index each received entry and commit it immediately
            writer = ix.writer()
            writer.add_document(prio=entry.prival,
                                timestamp=entry.timestamp,
                                hostname=entry.hostname,
                                app_name=entry.app_name,
                                procid=entry.procid,
                                msgid=entry.msgid,
                                msg=entry.msg)
            writer.commit()

    s = SyslogServer(('127.0.0.1', 6514), SimpleHandler,
                     keyfile='loggerglue-key.pem',
                     certfile='loggerglue-cert.pem')
    s.serve_forever()

And now a small search tool:

    from whoosh import index
    from whoosh.qparser import QueryParser
    import sys

    if len(sys.argv) == 1:
        print('usage: %s <search terms>' % sys.argv[0])
        sys.exit(1)

    ix = index.open_dir('indexdir')
    searcher = ix.searcher()
    # Search the msg field for the terms given on the command line
    query = QueryParser('msg').parse(' '.join(sys.argv[1:]))
    results = searcher.search(query)
    print('%d results\n' % len(results))
    for r in results:
        print('%s\n' % str(r))
    searcher.close()

1.0 (25/03/2011)
Wladimir van der Laan <laanwj@gmail.com>
- Add Sphinx-based documentation and docstrings
- Emitter for syslog messages, and associated convenience classes
- Fixes for RFC 5424 edge cases
- Allow multiple of the same key in STRUCTURED-DATA by representing the parameters using a multidict
0.9 (28/01/2011)
Initial release.
Source Distribution
File details
Details for the file loggerglue-1.0.tar.gz.
File metadata
- Download URL: loggerglue-1.0.tar.gz
- Upload date:
- Size: 19.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0a0519f06f507bdb8255688395ca6666831ec253735dc0cb8347d8e440db8b1d |
| MD5 | 47a970a343e158db62923d2b9029fa1c |
| BLAKE2b-256 | b29f3207874a96613d386aceca1a2ddd449b27ab4f16a925ca5829faa7d0f5ed |